8231365: ServicePermission::equals doesn't comply to the spec
authorweijun
Tue, 29 Oct 2019 09:34:23 +0800
changeset 58831 b026a43e1809
parent 58830 fa0b9f9c597a
child 58832 203fceb089fc
child 58834 f78e7ce060b0
child 58836 31ec3e55fa3d
child 58838 55ce65813b62
8231365: ServicePermission::equals doesn't comply to the spec 8231196: DelegationPermission allows to create an instance that thows NPE on ::equals call Reviewed-by: mullan
src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java
src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
test/jdk/javax/security/auth/kerberos/DelegationPermissionHash.java
test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java
test/jdk/javax/security/auth/kerberos/ServicePermissionEquals.java
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java	Tue Oct 29 09:34:21 2019 +0800
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java	Tue Oct 29 09:34:23 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,8 @@
      * @param principals the name of the subordinate and target principals
      *
      * @throws NullPointerException if {@code principals} is {@code null}.
-     * @throws IllegalArgumentException if {@code principals} is empty.
+     * @throws IllegalArgumentException if {@code principals} is empty,
+     *      or does not contain a pair of principals, or is improperly quoted
      */
     public DelegationPermission(String principals) {
         super(principals);
@@ -94,7 +95,8 @@
      * @param actions should be null.
      *
      * @throws NullPointerException if {@code principals} is {@code null}.
-     * @throws IllegalArgumentException if {@code principals} is empty.
+     * @throws IllegalArgumentException if {@code principals} is empty,
+     *      or does not contain a pair of principals, or is improperly quoted
      */
     public DelegationPermission(String principals, String actions) {
         super(principals, actions);
@@ -116,14 +118,19 @@
         } else {
             t = new StringTokenizer(target, "\"", false);
             subordinate = t.nextToken();
-            if (t.countTokens() == 2) {
-                t.nextToken();  // bypass whitespace
-                service = t.nextToken();
-            } else if (t.countTokens() > 0) {
-                throw new IllegalArgumentException
-                    ("service principal [" + t.nextToken() +
-                     "] syntax invalid: " +
-                     "improperly quoted");
+            switch (t.countTokens()) {
+                case 2:
+                    t.nextToken();  // bypass whitespace
+                    service = t.nextToken();
+                    break;
+                case 0:
+                    throw new IllegalArgumentException
+                            ("service principal not provided");
+                default:
+                    throw new IllegalArgumentException
+                            ("service principal [" + t.nextToken() +
+                            "] syntax invalid: " +
+                            "improperly quoted");
             }
         }
     }
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java	Tue Oct 29 09:34:21 2019 +0800
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java	Tue Oct 29 09:34:23 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
             return false;
 
         ServicePermission that = (ServicePermission) obj;
-        return ((this.mask & that.mask) == that.mask) &&
+        return (this.mask == that.mask) &&
             this.getName().equals(that.getName());
 
 
--- a/test/jdk/javax/security/auth/kerberos/DelegationPermissionHash.java	Tue Oct 29 09:34:21 2019 +0800
+++ b/test/jdk/javax/security/auth/kerberos/DelegationPermissionHash.java	Tue Oct 29 09:34:23 2019 +0800
@@ -4,9 +4,7 @@
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
+ * published by the Free Software Foundation.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java	Tue Oct 29 09:34:23 2019 +0800
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.security.auth.kerberos.DelegationPermission;
+
+/*
+ * @test
+ * @bug 8231196
+ * @summary DelegationPermission allows to create an instance that thows NPE on ::equals call
+ * @run main/fail DelegationPermissionInit
+ */
+public class DelegationPermissionInit {
+    public static void main(String[] args) {
+        new DelegationPermission("\"user@REALM\"");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/auth/kerberos/ServicePermissionEquals.java	Tue Oct 29 09:34:23 2019 +0800
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8231365
+ * @library /test/lib
+ * @summary ServicePermission::equals doesn't comply to the spec
+ */
+
+import jdk.test.lib.Asserts;
+
+import javax.security.auth.kerberos.ServicePermission;
+
+public class ServicePermissionEquals {
+    public static void main(String[] args) throws Exception {
+        ServicePermission p1 = new ServicePermission("user@REALM", "initiate");
+        ServicePermission p2 = new ServicePermission("user@REALM", "accept");
+        ServicePermission p3 = new ServicePermission("user@REALM", "initiate,accept");
+
+        Asserts.assertNotEquals(p1.hashCode(), p2.hashCode());
+        Asserts.assertNotEquals(p1.hashCode(), p3.hashCode());
+        Asserts.assertNotEquals(p3.hashCode(), p2.hashCode());
+
+        Asserts.assertFalse(p1.equals(p2));
+        Asserts.assertFalse(p1.equals(p3));
+        Asserts.assertFalse(p3.equals(p2));
+    }
+}